
89763 matches found

ATTACKERKB
added 2026/05/06 7:40 p.m. | 5 views

CVE-2026-40174

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

CVSS 7.1 | AI score 5.7 | EPSS 0.00165
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/05/06 7:40 p.m. | 30 views

CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

CVSS 7.1 | EPSS 0.00165
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/06 7:40 p.m. | 7 views

CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

CVSS 7.1 | AI score 5.7 | EPSS 0.00165
Exploits: 0 | References: 1

EUVD
added 2026/05/06 7:40 p.m. | 7 views

EUVD-2026-28154

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

CVSS 7.1 | AI score 5.7 | EPSS 0.00165
Exploits: 0 | References: 1

EUVD
added 2026/05/06 6:30 p.m. | 14 views

EUVD-2026-27848

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...

CVSS 7.2 | AI score 6 | EPSS 0.00427
Exploits: 0 | References: 2

Patchstack
added 2026/05/06 6:13 p.m. | 9 views

NPM: dssrf: every IPv6 category bypasses is_url_safe

NPM: dssrf: every IPv6 category bypasses is_url_safe vulnerability discovered by ? in WordPress Npm dssrf versions 1.3.0...

CVSS 8.7 | AI score 5.8 | EPSS 0.00349
Exploits: 0 | References: 2 | Affected Software: 1

Snyk
added 2026/05/06 6:13 p.m. | 8 views

Incomplete Filtering of Special Elements

Overview: dssrf is an SSRF defense library for Node.js with safe URL validation utilities. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements via the is_url_safe function. An attacker can access internal network resources by supplying specially crafted IPv6...

CVSS 8.7 | AI score 5.8 | EPSS 0.00349
Exploits: 0 | References: 2

Snyk
added 2026/05/06 5:23 p.m. | 7 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /v1/chat/completions, /v1/responses or /v1/messages endpoints. An attacker can cause the server to make unauthorized HTTP requests to internal resources, potentially exfiltrating sensitive conten...

CVSS 7.1 | AI score 5.8 | EPSS 0.00258
Exploits: 1 | References: 2

Cvelist
added 2026/05/06 4:15 p.m. | 29 views

CVE-2026-20035 Cisco Unity Connection Server-Side Request Forgery Vulnerability

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...

CVSS 7.2 | EPSS 0.00427
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/06 4:15 p.m. | 9 views

CVE-2026-20035

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...

CVSS 7.2 | AI score 6 | EPSS 0.00427
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/06 4:15 p.m. | 17 views

CVE-2026-20035

Cisco Unity Connection Web Inbox SSRF: unauthenticated attacker can cause the affected device to issue arbitrary network requests via crafted HTTP requests due to improper input validation. Affected component is the web UI; CVSS 3.1 base score 7.2 (NETWORK, HIGH). Exploitation status and remediat...

CVSS 7.2 | AI score 6 | EPSS 0.00427
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/06 4:15 p.m. | 8 views

CVE-2026-20035 Cisco Unity Connection Server-Side Request Forgery Vulnerability

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...

CVSS 7.2 | AI score 6 | EPSS 0.00427
Exploits: 0 | References: 1

Cisco
added 2026/05/06 4:00 p.m. | 19 views

Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery (SSRF) attacks through an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco...

CVSS 8.8 | AI score 6.2 | EPSS 0.00696
Exploits: 0 | References: 1

EUVD
added 2026/05/06 3:32 p.m. | 5 views

EUVD-2025-209687

HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

CVSS 2.6 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 2

NVD
added 2026/05/06 3:16 p.m. | 14 views

CVE-2025-31957

HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

CVSS 5.7 | EPSS 0.00095
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/06 1:37 p.m. | 8 views

CVE-2025-31957 HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability.

HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

CVSS 2.6 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 1

CVE
added 2026/05/06 1:37 p.m. | 11 views

CVE-2025-31957

Technical details for CVE-2025-31957 are not publicly available in the provided documents. The records reiterate a CSRF vulnerability in HCL BigFix Service Management but do not specify affected versions, impact specifics, or remediation steps. Monitor for updates.

CVSS 5.7 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/05/06 1:37 p.m. | 5 views

CVE-2025-31957

HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

CVSS 2.6 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/05/06 1:37 p.m. | 32 views

CVE-2025-31957 HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability.

HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

CVSS 2.6 | EPSS 0.00095
Exploits: 0 | References: 1

Patchstack
added 2026/05/06 10:00 a.m. | 7 views

WordPress PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin <= 12.5.0.1 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin PixelYourSite PRO versions <= 12.5.0.1...

CVSS 7.2 | AI score 5.8 | EPSS 0.00577
Exploits: 0 | References: 1 | Affected Software: 1